package com.zlt.appparking.shiro.filter;


import com.fasterxml.jackson.databind.ObjectMapper;

import com.zlt.appparking.shiro.config.JWTToken;

import com.zlt.appparking.utils.StringUtil;
import com.zlt.appparking.vo.Result;
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;
import org.springframework.stereotype.Component;


import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@Slf4j
public class ShiroAuthcFilter extends FormAuthenticationFilter {

    @Override
    protected boolean onAccessDenied(ServletRequest req, ServletResponse resp) throws Exception {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        log.info("当前拦截的路径{}",request.getRequestURI());
        String token = request.getHeader("token");
        if (StringUtil.isNotNull(token)){
            try {
                SecurityUtils.getSubject().login(new JWTToken(token));
                return true;
            } catch (AuthenticationException e){
                response.setContentType("application/json;charset=utf-8");
                response.getWriter().write(new ObjectMapper().writeValueAsString(Result.notLogin(e.getMessage())));
                return false;
            }
        } else {
            response.setContentType("application/json;charset=utf-8");
            response.getWriter().write(new ObjectMapper().writeValueAsString(Result.notLogin()));
            return false;
        }
    }

    /**
     * shiro跨域处理
     * @param req
     * @param resp
     * @return
     * @throws Exception
     */
    @Override
    protected boolean preHandle(ServletRequest req, ServletResponse resp) throws Exception {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;
        String method = request.getMethod();
        //设置响应头
        //设置哪些地方的请求可以跨域 * 表示任意请求  多个值可以用,隔开
        //"http://localhost:9999,http://localhost:8888"
        response.setHeader("Access-Control-Allow-Origin",request.getHeader("Origin"));
        //是否允许携带cookie
        response.setHeader("Access-Control-Allow-Credentials","false");
        // 允许的请求方式
        response.setHeader("Access-Control-Allow-Methods","GET,POST,HEAD,DELETE,PUT,OPTIONS");
        //允许的请求头
        response.setHeader("Access-Control-Allow-Headers","Origin, X-Requested-With, Content-Type,token,Accept, Connection, User-Agent, Cookie");
        //允许浏览器获取的响应头
        response.setHeader("Access-Control-Expose-Headers","token");
        // 超时时间
        response.setHeader("Access-Control-Max-Age","362880");
        if("OPTIONS".equalsIgnoreCase(request.getMethod())){
            return false;
        }
        return super.preHandle(request, response);
    }
}
